Legal

The fine print

CatalystView publishes information drawn from public SEC filings, paired with AI-generated commentary. Nothing here is investment advice — please read these before relying on anything you see.

Privacy Policy

Last updated · June 10, 2026

1 · Who we are

Data controller

CatalystView (catalystview.xyz) is operated by an individual based in the Republic of Lithuania, who acts as the “controller” under Regulation (EU) 2016/679 (the GDPR) and Lithuanian data-protection law. Data-protection contact: privacy@catalystview.xyz. As a small operator we have not appointed a Data Protection Officer; the operator handles all data-protection matters personally.

2 · Scope

What this policy covers

This explains what personal data CatalystView collects, why, how we use and share it, and your rights. It applies to visitors, registered account holders, and email subscribers. CatalystView is currently free to use (with optional, voluntary donations). We ask for the minimum personal data needed to run the Service and we do not sell personal data to anyone.

3 · What we collect

Categories of personal data

CategoryExamplesSource
Account dataEmail, display name, profile image (if provided), auth provider IDYou / Clerk
Subscription dataEmail address you give to receive the daily brief or alertsYou
Usage dataPages visited, signals viewed, watchlist items, device type, approximate location from IPAutomatic
Technical dataIP address, browser, OS, referrer, timestamps, error logsAutomatic
CommunicationsEmails you send us; alerts we send you (and delivery metadata)You / Resend

We do not knowingly collect data from children under 18, special-category data (Art. 9 GDPR), or criminal-conviction data.

4 · How we use it

Purposes and legal bases

  • Provide the Service — create and authenticate your account, deliver signals, manage watchlists. Art. 6(1)(b) GDPR.
  • Send the emails you opted into — the daily brief, signal alerts, account and security notices. Art. 6(1)(b) & (f).
  • Operate, secure, and improve the Service — debugging, abuse prevention, capacity planning, aggregate analytics. Art. 6(1)(f).
  • Comply with law — respond to lawful requests, defend legal claims. Art. 6(1)(c) & (f).

We do not make automated decisions that produce legal or similarly significant effects (Art. 22). The AI commentary you see is generated from public SEC filings, not from your personal data.

5 · Cookies

What we set

  • Strictly necessary cookies set by our authentication provider to keep you signed in.
  • Privacy-friendly, cookieless analytics from our host that records aggregate page-view and performance metrics. It does not use third-party cookies or build cross-site profiles.

Because we rely only on strictly-necessary cookies and cookieless analytics, we do not show a consent banner. If we ever add non-essential cookies or marketing trackers we will request your prior consent under the ePrivacy Directive.

6 · Sub-processors

Who we share data with

We use a small number of service providers that act only on our documented instructions:

ProcessorPurposeSafeguard
Clerk, Inc.Authentication, sessions, profilesUSA — EU SCCs
Vercel, Inc.Hosting, edge delivery, cookieless analyticsUSA/EU edge — SCCs, EU-US DPF
Resend, Inc.Sending the daily brief and alert emailsUSA — SCCs
OpenRouterRouting prompts to LLMs that summarise public filings; no personal data is sent in promptsUSA — SCCs where applicable

We may also disclose data where required by law or to defend our rights. We do not sell personal data or engage in cross-context behavioural advertising.

7 · International transfers

Data leaving the EEA

Several processors are in the United States. Where personal data leaves the EEA we rely on the European Commission's Standard Contractual Clauses and, where the recipient is certified, the EU-US Data Privacy Framework. Request a copy of the relevant safeguard by emailing us.

8 · Retention

How long we keep your data

  • Account data: while your account exists, plus up to 30 days after deletion to allow restore.
  • Subscription email: until you unsubscribe (one click in every email), plus a short suppression record so we don't email you again.
  • Email & web logs: up to 12 months for deliverability and abuse-prevention; longer only in aggregated, non-identifiable form.
  • Support emails: up to 24 months after the issue is resolved.
9 · Your rights

What you can ask us to do

Under the GDPR and Lithuanian law you have the right to:

  • Access the data we hold about you (Art. 15);
  • Rectify inaccurate or incomplete data (Art. 16);
  • Erase your data (Art. 17);
  • Restrict certain processing (Art. 18);
  • Portability — a machine-readable copy you can transmit elsewhere (Art. 20);
  • Object to processing based on legitimate interests (Art. 21);
  • Withdraw consent at any time, without affecting prior lawful processing.

To exercise any of these, email privacy@catalystview.xyz. We respond within one month (extendable by two for complex requests) and may need to verify your identity first. You may also complain to the Lithuanian State Data Protection Inspectorate (vdai.lrv.lt) or your own EU supervisory authority.

10 · Security

How we protect your data

We rely on industry-standard infrastructure: TLS in transit, encryption at rest with our hosting and authentication providers, hardened password storage handled by Clerk, least-privilege access, and regular dependency updates. No system is perfectly secure; if we discover a personal-data breach likely to risk your rights, we will notify the supervisory authority within 72 hours and, where the risk is high, notify affected users without undue delay (Art. 33–34 GDPR).

11 · Children & changes

Age requirement and updates

The Service is not directed at children under 18 and we do not knowingly collect their data; if you believe a child has provided data, contact us and we will delete it. We may update this policy from time to time — the “Last updated” date reflects the current version, and we will communicate material changes via the Service and, where appropriate, by email before they take effect.